Project: Quick EditDate: 2022-February-16Security risk: Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:DefaultVulnerability: Information DisclosureDescription: This advisory addresses a similar issue to Drupal core – Moderately critical – Information disclosure – SA-CORE-2022-004.
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the “access in-place editing” permission viewing some content they are are not authorized to access.Solution: Install the latest version:
If you use the Quick Edit module for Drupal 9.x, upgrade to Quick Edit 1.0.1
xjm of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Drew Webber of the Drupal Security Team
Lee Rowlands of the Drupal Security Team